docs(integrations): linear live e2e + closeout (LT2)#78
Merged
Conversation
LT2 — verified the LT1 Linear surface against the live `waldosai` workspace
end-to-end from inside a real AgentBox box (in-box agent → host relay → host
`linear` v2.0.0 → Linear API). No source changes: the LT1 connector + shim +
GraphQL mutation gate worked as-shipped.
Captured live evidence: reads (`whoami`, `issue mine/list --team WAL`,
`team list`, `api { viewer … }`) pass with no approval prompt; `linear api
'mutation { … }'` exits 65 via `refuseGraphqlNonQuery` (verified at both the
shim path and the direct `agentbox-ctl integration linear api` path — the gate
lives in the connector); `linear auth token` exits 2 at the shim with the
raw-API-key-leak refusal. Three gated writes round-tripped through
`askPrompt` → orchestrator-approve → host `linear` → Linear API: created
**WAL-5**, added a comment, moved the issue to `Canceled`; each verified by a
ground-truth read after. `printenv | grep -E '^LINEAR'` inside the box
returns nothing — the only token-shaped env is `AGENTBOX_RELAY_TOKEN`.
Nested-box e2e deferred for the same architectural reason as Notion (the
in-box `agentbox-ctl` daemon forwards `/rpc` to the original host relay, so
a nested box's writes terminate at the original spawn regardless), and
because installing the real `linear` in this box would land at `/usr/bin/linear`
(npm prefix `/usr`) — the shim at `/usr/local/bin/linear` precedes it on
`$PATH` and keeps winning resolution, so the test setup would break the
primary e2e.
Marks the Linear path COMPLETE in `docs/integrations_backlog.md` (LT1+LT2
done) and flips LT2 to done in `docs/linear_backlog.md` with the full
evidence log. Adds a "Nested-box e2e — deferred, not blocking" section to
`docs/integrations.md` mirroring the Notion sub-section.
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Final task in the Linear integration session — verified the LT1 surface
against the live
waldosaiLinear workspace end-to-end from inside anAgentBox box, and closed out the Linear backlog with the captured evidence.
No source changes: the LT1 connector + shim + GraphQL mutation gate
worked as-shipped.
E2E evidence (live
waldosaiworkspace)All commands ran from inside this box (
in-box agent → host relay → hostlinearv2.0.0 → Linear API).Reads — no prompt
linear whoami→Workspace: waldosai … User: Marco D'Alia … Role: admin(exit 0).linear issue mine --team WAL --sort priority/linear issue list --team WAL --sort priority→ exit 0 (empty result onunstartedfilter, valid filtered read).linear team list→WAL Waldosai(team UUID09ca67e1-…).linear api '{ viewer { id name email } }'→{"data":{"viewer":{"id":"85d5fa14-…","name":"Marco D'Alia","email":"accounts@waldos.ai"}}}—refuseGraphqlNonQueryclassifies the{ … }shorthand as a query and passes it.GraphQL mutation gate — refused locally (exit 65)
linear api 'mutation { issueDelete(id:"x") { success } }'exits 65 with:linear api: only GraphQL queries are proxied (use issue.create / issue.update / issue.comment for writes); detected operation 'mutation'agentbox-ctl integration linear apipath — the gate lives in the connector, not the shim.auth token— refused at the shim (exit 2)linear auth tokenexits 2 with'auth token' leaks the raw API key — refused. Use 'linear whoami' for identity.Gated writes — three approve→succeed→ground-truth cycles
linear issue create --team WAL --title "agentbox LT2 e2e 20260607T000618Z" -d "…"→ host approval prompt → orchestrator approves → created WAL-5 (https://linear.app/waldosai/issue/WAL-5/agentbox-lt2-e2e-20260607t000618z). Ground-truthlinear issue view WAL-5confirms title + description + Backlog state.linear issue comment add WAL-5 -b "agentbox LT2 e2e comment via host relay (gated write)"→ approved → comment added (URL with#comment-3e8fe4e2fragment). Ground-truthlinear api '{ issue(id:"WAL-5") { … comments { nodes { body } } } }'confirms the body matches verbatim.linear issue update WAL-5 -s "Canceled"→ approved → state moved. Post-updatelinear issue view WAL-5shows**State:** Canceledand the comment thread.No-token assertion (the security property)
printenv | grep -E '^LINEAR'returns nothing ((no LINEAR_* keys present)).AGENTBOX_RELAY_TOKEN.~/.config/linear/credentials.tomlsits on disk for the nested-box scenario (where THIS box would host a nested-box's relay), but no agent process reads it during the primary e2e — the host's ownlineardoes, host-side, via its own~/.config/linear/.Nested-box e2e — deferred, not blocking
Same architectural reason as Notion's T4 deferral: the in-box
agentbox-ctldaemon forwards
/rpcto the original host relay(
host.docker.internal:8787), not to a relay running in this box — so anested box's
linear issue createwould terminate at the original host'srelay spawn regardless of whether this box has a real
linearinstalled.Additionally, installing the real
linearhere would land it at/usr/bin/linear(npm prefix/usr), but the shim at/usr/local/bin/linearprecedes it on
$PATHand keeps winning resolution — the test setup wouldbreak the primary e2e. Documented in
docs/integrations.mdunder"Linear → Nested-box e2e — deferred, not blocking", mirroring the Notion
sub-section.
Closeout
docs/linear_backlog.md— LT2 flipped to done (2026-06-07) with thefull evidence log appended.
docs/integrations_backlog.md— Linear path marked COMPLETE (LT1–LT2done) with the shipped-surface summary and the e2e evidence.
docs/integrations.md— new "Verification / live e2e results" and"Nested-box e2e — deferred, not blocking" sub-sections under Linear; the
shared Open-follow-ups "Nested-box e2e" bullet now covers both Notion and
Linear.
Verification
pnpm typecheck✅ (25/25 cached + fresh)pnpm test✅ (494 + 245 + 174 + … all passing)pnpm build✅ (FULL TURBO)/simplify✅ (no findings — docs-only diff)/review high✅ (1 finding fixed: corrected the npm-prefix-collision claim to the accurate PATH-shadowing mechanic; all other claims verified against ground truth)Test plan
whoami,issue mine/list,team list,api { viewer … }) round-trip with no promptrefuseGraphqlNonQuery(shim path + direct ctl path)linear auth tokenrefused at the shim with the raw-key-leak messageprintenv | grep -E '^LINEAR'returns nothing in the boxpnpm typecheck && pnpm test && pnpm buildall greenNote
Low Risk
Documentation-only updates with no runtime, auth, or relay behavior changes.
Overview
Documentation-only closeout for Linear integration LT2 — records live end-to-end verification against the
waldosaiworkspace and marks the Linear path complete in the integration trackers. No application or connector code changes.docs/integrations.mdgains Linear Verification / live e2e results (reads, GraphQL mutation refusal, shimauth tokenrefusal, gated create/comment/update on WAL-5, noLINEAR_*in the box) and Nested-box e2e — deferred, not blocking, aligned with Notion. The shared Open follow-ups nested-box bullet now covers both Notion and Linear.docs/integrations_backlog.mdpromotes Linear from not started to COMPLETE (LT1–LT2 done) with a shipped-surface and e2e summary; Trello/ClickUp remain not started.docs/linear_backlog.mdsets LT2 to done (2026-06-07) and appends the full LT2 evidence log (including nested-box deferral rationale).Reviewed by Cursor Bugbot for commit 23cb623. Configure here.